Financial services firms caught up in massive Epsilon breach

Financial services firms caught up in massive Epsilon breach

A massive data breach at US cloud marketing and communications outfit Epsilon may have exposed the customer e-mail addresses of some of the country's largest banks.

Epsilon, which sends 40 billion marketing e-mails annually, released a statement on Friday saying that on 30 March it detected an "unauthorised entry" into its system that exposed customer names and email addresses.

TD Ameritrade, US Bank, Citibank, JPMorgan Chase and Capital One are among a host of companies to have come forward over the weekend and admitted that customer names and e-mail contacts may have been leaked during the Epsilon attack. Financial utility groups MoneyGram and Visa were also on the receiving end of the raid.

The hacked data appears to be limited to customer names and electronic contact addresses. No personal information such as credit cards or social security numbers were accessed.

In a statement, JPMorgan says: "We are advised by Epsilon that the files that were accessed did not include any customer financial information, but are actively investigating to confirm this."

Either way, the incident is major embarrassment for Epsilon's banking clients who must contact customers and warn them to be wary of future marketing communications and potential phishing threats.

Barclays Bank of Delaware, which was also caught up in the incident, posted this message to customers: "It is possible you may receive spam email messages as a result which could potentially ask you for additional information about your account. Please note, Barclays will never ask you in an email to verify sensitive information such as your full account number, Username, Password or Social Security Number. Therefore, any email which does so should be treated suspiciously, even if it looks like it comes from Barclays. As a reminder, we urge you to be cautious when opening links or attachments from unknown third parties."

Comments: (2)

A Finextra member
A Finextra member 04 April, 2011, 13:49Be the first to give this comment the thumbs up 0 likes

This is appaling and Epsilon should pay damages for this breach of trust and security. The banking system is fragile enough without clowns like this managing information on behalf of customers.

A Finextra member
A Finextra member 05 April, 2011, 13:51Be the first to give this comment the thumbs up 0 likes

Is this not a problem that is germane to 'cloud' - an archipelago of shared services facilities?